Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef2/PMioparser.h PMioparser<PMDEC>::readhedge() e->set_vertex().
{ "binaries": [ { "binary_version": "4.2-5ubuntu1", "binary_name": "libcgal-demo" }, { "binary_version": "4.2-5ubuntu1", "binary_name": "libcgal-dev" }, { "binary_version": "4.2-5ubuntu1", "binary_name": "libcgal-ipelets" }, { "binary_version": "4.2-5ubuntu1", "binary_name": "libcgal-qt4-10" }, { "binary_version": "4.2-5ubuntu1", "binary_name": "libcgal-qt4-dev" }, { "binary_version": "4.2-5ubuntu1", "binary_name": "libcgal10" } ] }
{ "binaries": [ { "binary_version": "4.7-4", "binary_name": "libcgal-demo" }, { "binary_version": "4.7-4", "binary_name": "libcgal-dev" }, { "binary_version": "4.7-4", "binary_name": "libcgal-ipelets" }, { "binary_version": "4.7-4", "binary_name": "libcgal-qt5-11" }, { "binary_version": "4.7-4", "binary_name": "libcgal-qt5-dev" }, { "binary_version": "4.7-4", "binary_name": "libcgal11v5" } ] }
{ "binaries": [ { "binary_version": "4.11-2build1", "binary_name": "libcgal-demo" }, { "binary_version": "4.11-2build1", "binary_name": "libcgal-dev" }, { "binary_version": "4.11-2build1", "binary_name": "libcgal-ipelets" }, { "binary_version": "4.11-2build1", "binary_name": "libcgal-qt5-13" }, { "binary_version": "4.11-2build1", "binary_name": "libcgal-qt5-dev" }, { "binary_version": "4.11-2build1", "binary_name": "libcgal13" } ] }